package com.jiujichaoshi.oauth.server.security;

import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * Description:防刷Filter，用于校验重要表单提交时是否经过人机认证。子类需要实现是否通过认证方法。
 * 实现人机校验这是方法一，使用filter的方式。
 * 使用interceptor的方式见{@link com.jiujichaoshi.oauth.server.security.verify.VerifyHandlerInterceptor}
 *
 * @author YangLong [410357434@163.com]
 * @version V1.0
 * @date 2021/2/5
 */
public abstract class AbstractDdosDefenderFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (pass(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            //这里需要通过response来返回相应的错误提示信息，或者抛出异常，使用统一异常处理
            System.out.println("未通过防刷验证");
        }
    }

    /**
     * 判断请求是否能够通过防刷验证
     *
     * @param httpServletRequest 请求
     * @return 能够通过验证true，反之false
     */
    protected abstract boolean pass(HttpServletRequest httpServletRequest);
}
